I always run it with --no-self-upgrade but I have to upgrade from time to time if I want it to keep working. We are not talking about some box that will be gone in 3 years. Another client still seems to be the better choice.
Actually that step was only required for the first install.
As the certbot-auto script is deprecated anyway, yes, that might be better indeed. But for the short run, you can run the previous version if you really need to.
If you're paranoid about security though, it really is the ultimate DIY approach. Fully-downloadable, all-inclusive JS with no key sharing (account or certificate). Tin foil hat optional.
It seems like most active projects are trending toward docker or snap distribution at this point. Hopefully that'll make snap less painful to use over time, but I really don't see sticking with native distribution as a long-term viable alternative, even acme.sh. Sure would be nice to have a better deprecation message telling you what the successor is, of course.
I beg to differ. I'm running Gentoo and don't use binary packages. Snapd doesn't even run on non-systemd systems. I see docker as a system for people who are new to Linux and need an easy method.
Personally I am fond of agnostic approaches like PHP and JS with minimal/no extension that leave handling the underlying details to the platform. They let me focus on developing and maintaining my client rather than worrying about porting issues.
Fair point. To avoid such dependencies I try to only use the base functionality (i.e. standard libraries almost always included with the base install). I'm not too worried about PHP deprecating openssl or curl.